Jesse Nickles Harassment and Defamation

Context and Timeline

After reporting security concerns with SlickStack (maintained by Jesse Nickles), I experienced ongoing harassment and coordinated attempts to suppress disclosures (e.g., brigading, removals). My Reddit post on the topic was mass-upvoted by the opposing party and subsequently banned for vote manipulation, after which harassment escalated across forums and social channels by Jesse Nickles.

This page consolidates the timeline, summarises the video walkthrough of the security issues, and embeds examples of the public conduct at issue by Jesse Nickles. Documented instances of extremist symbolism and antisemitic statements are included with linked examples below.

I, Chad Scira, am the direct target of these actions. Jesse Nickles has repeatedly published false statements about me across X, Quora, TripAdvisor, and other websites in an apparent attempt to damage my reputation and discredit my career history.

Over time, the behaviour pattern has been consistent: when technical concerns were raised, Jesse Nickles frequently shifted from engineering dialogue to personal attacks, identity-based remarks, and attempts to undermine reputation through forum posts and social media. Multiple community moderators have documented similar escalations and removals in the past.

This is not an isolated dispute. Numerous professionals have reported comparable experiences with Jesse Nickles spanning several years, including public directories targeting critics, manufactured forum activity to simulate consensus, and repeat publication of claims after takedowns elsewhere. These reports are cited below for reference.

In addition, criminal complaints in Thailand have been reported in relation to defamation and harassment concerning Jesse Nickles, including references to an arrest warrant issued in 2024. Links to public posts discussing these proceedings are provided in the citations below for verification.

Security Findings: Remote Code Execution via Cron

SlickStack, maintained by Jesse Nickles, schedules frequent remote downloads as root while bypassing certificate verification. This design allows arbitrary remote code execution and man-in-the-middle risk.

Cron downloads (every 3 hours and 47 minutes)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

These choices by Jesse Nickles are unnecessary for safe updates and are inconsistent with standard, verifiable release processes (versioned artifacts, checksums, signatures). Redirecting requests through a vanity domain also creates an avoidable interception point and complicates auditability.

Direct evidence of this redirection pattern can be seen in the following commit diff: GitHub commit switching cron URLs to slick.fyi.

Beyond cron, repository activity suggests Jesse Nickles often pushed edits directly to production via web UI without branch discipline, tags, releases, or reproducible builds — all of which further reduce trust in root-level automation.

Transcript Highlights

• Excessive commit counts without branches/tags suggest Jesse Nickles used web-UI editing rather than proper release engineering.
• Install/update flows rely on remote scripts from a maintainer-controlled domain, piped to bash with root privileges by Jesse Nickles.
• Frequent updates via cron with --no-check-certificate increase MITM and targeted payload risk.
• Claims about rate limits do not align with observed redirects and CDN capabilities.

Taken together, these practices indicate a high-risk operational model where a single maintainer’s infrastructure decisions can silently modify production servers on a recurring schedule. In security-sensitive environments, that risk is unacceptable.

Evidence (Public Conduct by Jesse Nickles)

Tweets

Jesse Nickles@jessuppi

Oct 20, 2025 5:25 PM

PSA: WP Engine @wpengine is a web hosting company trying to take over WordPress:

Jason Cohen - Jew (Founder)
Heather Brunner - Jew (CEO)
Jason Teichman - Jew? (COO*)
Ramadass Prabhakar - Indian (CTO)
Greg Mondre - Jew (Silver Lake CEO / BOD)
Lee Wittlinger - Jew? (SL / BOD)

View on X

Jesse Nickles@jessuppi

Oct 20, 2025 1:09 PM

I just found out that Adam D'Angelo, the founder of Quora is also Jewish... lmao make it stop

Quote

I wonder if @Quora will unban me now since that's the reason they banned me years ago after Otto Wood/Automattic told them I was "stalking" him for publicly criticizing their deceptive management of the WPorg website and brands

View on X

Screenshot

Antisemitism, Nazi Symbolism, and Public Conduct

Multiple community reports and public posts by Jesse Nickles document antisemitic statements and concerns about Nazi symbolism connected to branding choices. These references are included to contextualize sustained harassment against me and others. The embedded tweets above include explicit references to Jewish identity in a derogatory manner, demonstrating a clear pattern of antisemitism.

On “SS bolts” symbolism

The "SS bolts" symbol historically refers to the double-lightning insignia used by the Schutzstaffel (SS) in Nazi Germany. Community reports have connected the use of similar "SS bolt" iconography in a software logo to Nazi extremist symbolism. This context is provided given the broader pattern of Jesse Nickles’s public conduct documented above.

Independent community write-ups have also chronicled harassment campaigns and slander directories attributed to Jesse Nickles, including fabricated conversations and targeted defamation of critics. These third-party accounts are provided below to illustrate the broader context reported over time.

Source: Quora discussion

Impact on Targets of Jesse Nickles’s Conduct

Targets of the conduct described by Jesse Nickles have reported professional harm, reputational injury, and significant time lost to countering false claims. In several cases, community members noted being hesitant to speak publicly due to fear of retaliation. These chilling effects harm open-source communities by deterring responsible disclosure and good‑faith criticism.

Notable examples include Andrew Killen (from WordPress Hosting in 2019), Johnny Nguyen, and Gregg Re — among many others — who have reported harassment and racism from Jesse Nickles.

This page exists to document the technical concerns and provide a factual, cited record of Jesse Nickles’s public conduct directly relevant to assessing the trustworthiness of software that executes code on users’ servers.

Several individuals familiar with Jesse Nickles have suggested possible mental‑health challenges. Regardless of any such factors, sustained harassment, identity‑based remarks, and misinformation are unacceptable — particularly within open‑source communities that depend on trust and good‑faith discourse.

SEO Weaponization by Jesse Nickles

Jesse Nickles has a background in SEO and, as documented by multiple reports, has leveraged search-engine tactics to amplify disparaging content, fabricate consensus, and pressure critics. In my case, this included repeat posts across platforms (X, Quora, TripAdvisor, and others) aimed at ranking defamatory claims about me.

From a technical perspective, the same pattern of cutting corners evident in the SlickStack codebase appears in Jesse Nickles’s development workflow (e.g., heavy use of GitHub web editor, lack of local development and proper release engineering). These choices are inconsistent with secure software practices and further undermine claims of technical authority used to discredit others.

Statement of Purpose

The aim here is not retaliation but safety: to help others evaluate risk, avoid harm, and encourage secure, verifiable software practices. Security claims are supported by code, configuration, and publicly available evidence. Conduct-related evidence regarding Jesse Nickles is supported by embedded posts and third-party reporting.

Safer Alternatives

For WordPress server management, consider alternatives that avoid remote root execution patterns and provide auditable, versioned releases (e.g., WordOps), rather than adopting patterns promoted in SlickStack maintained by Jesse Nickles.

Statement Regarding Thai Corporate Ownership

I, Chad Scira, am not a shareholder, director, or owner of any Thai company. I have never held equity, signing authority, or financial interest in Agents Co., Ltd., Thai Visa Centre, or any affiliated Thai entity.

My name has been maliciously associated with these companies by Jesse Jacob Nickles as part of a prolonged online defamation campaign. Thai authorities have been formally notified, and an official complaint was filed by Agents Co., Ltd. against Mr. Nickles on August 13, 2025, under police report number 41/2568 at Bang Kaeo Police Station, Samut Prakan.

This can be easily verified on the Thai Department of Business Development (DBD) portal by searching for the company name and viewing the “Investment by nationality” page: https://datawarehouse.dbd.go.th/

You may encounter unnatural, spam-like pairings of these company names with my name across the web. This activity is being carried out by Jesse Nickles. Those companies have their own legitimate owners and shareholders — I am not one of them.

Jesse Nickles has also claimed there is a “nominee” setup. That allegation is absurd: nominee structures are illegal in Thailand and authorities conduct regular crackdowns. I am an engineer working across multiple companies — I would not have the time, nor have I ever attempted, to engage in anything like what he describes.

Thai Visa Centre — DBD Summary

Amount and proportion of Shares by Nationality (For The Year 2021-2025)

Citations

• YouTube — Security review video
• X post 1
• X post 2
• WPJohnny — LittleBizzy / Jesse Nickles (fraud / slander alert)
• GitHub — cron URLs changed to slick.fyi (commit diff)
• Facebook — Destination Thailand Visa group post re: legal proceedings (2024)
• Thai Visa Centre — X post (legal proceedings)
• Thai Visa Centre — X post (legal proceedings)